SQL Injection via order_by
SQLAlchemy allows SQL Injection via the order_by parameter.
Advisories for Pypi/Sqlalchemy package
2019
SQL Injection via group_by
SQLAlchemy has SQL Injection when the group_by parameter can be controlled.
SQLAlchemy allows SQL Injection via the order_by parameter.
SQLAlchemy has SQL Injection when the group_by parameter can be controlled.